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Method, apparatus, memory 
card, and system for establishing a 
secure connection between a wireless 
communication apparatus and a data 
communication apparatus based on 
a wireless application protocol. The 
wireless communication apparatus 
is provided with contact means for 
receiving information from a separate 
unit provided with memory means. 
The memory means comprising 
information to control the access of 
the wireless communication apparatus 
through a wireless communication 
network connected to said data 
communication apparatus. 
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Secure session set up based on the Wireless Application Protocol. 

5 

Technical Field of the Invention 

The Wireless Application Protocol (WAP) defines an industry-wide 
specification for developing applications that operate over wireless 
communication networks. The wireless market is growing very quickly, and 
10 reaching new customers and services. To enable operators and 
manufacturers to meet the challenges in advanced sen/ices, differentiation 
and fast/flexible service creation a set of protocols has been designed in 
transport, security, transaction, session and application layers. 

15 Background of the Invention 

WAP security functionality includes the Wireless Transport Layer Security 
(WAPWTLS) and application level security, accessible using Wireless Markup 
Language Script (WMLScript). For optimum security, some parts of the 
security functionality need to be performed by a tamper-resistant device, so 

20 that an attacker cannot retrieve sensitive data. Such data is especially the 
permanent private keys used in WTLS handshake with client authentication, 
and for making application level electronic signatures (such as confirming an 
application level transaction). In WTLS, also master keys (master secrets) are 
relatively long living - which could be several days - this is in order to avoid 

25 frequent full handshakes which are quite heavy both computationally and due 
to relatively large data transfer. Master secrets are used as a source of 
entropy, to calculate MAC keys and message encryption keys which are used 
to secure a limited number of messages, depending on usage of WTLS. 
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US-A-5,307,411 describe the set up of a secure communication session 
between two communication units, such as phones or facsimile machines. 
The secure session is controlled by separate smart cards based verification 
units associated with a respective one of the communication units. These two 
5 verification units exchanges random number, encrypts these numbers by 
using private keys, returns the encrypted random numbers to their origin. 
Then the encrypted random number is decrypted based on public keys. If the 
received numbers corresponds to the transmitted numbers, the parties verifies 
each other an the secure session may take place. However, this requires that 

10 both communication units are provided with a smart card reader, which is not 
a necessary requirement in a server, like e.g. an Internet server. Thus, this 
document is quite restricting for the user, since it requires that both parties 
have a smart card reader, and is less suitable for communication between a 
wireless communication apparatus and a data communication apparatus. 

15 Also, every time a session is going to be established between the two 
communication apparatuses, an exchange of keys must be done. 

Also, US-A-5,371,794, by Sun Microsystems, discloses a way to providing a 
secure wireless communication link between a mobile nomadic device and a 

20 base computing unit. The mobile device sends a host certificate to the base 
along with a randomly chosen challenge value (CHI) and a list of supported 
shared key algorithms. The base sends random number (RN1) encrypted in 
the mobile's public key and an identifier for the chosen algorithm back to the 
mobile. The base saves the RN1 value and adds the CH1 value and the 

25 chosen algorithm to the mobile. The mobile verifies under the public key of the 
base the signature on the message. When the public key is verified, the 
mobile determines the value of RN1 by decrypting the public key under the 
private key of the mobile. The mobile then generates RN2 and a session key, 
and encrypts RN2 under the public key of the base to the base. The base 

30 verifies and decrypting the RN2, and determines the session key. Finally, the 
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mobile and the base can enter a data transfer phase using encrypted data 
which is decrypted using the session key which is RN1 + RN2. The values of 
RN1 and RN2 are always derived from the last key exchange, which may be 
from the initial connection setup or from the last key change message, 
5 whichever is more recent. This means that each time a data transfer is made, 
two new numbers is generated based on RN1 and RN2. which will make the 
data transfer quite slow. Thus, as in US-A-5,307,411 , every time a session is 
going to be established between the two apparatuses, in this case the mobile 
nomadic device and the base computing unit, an exchange of keys must be 
10 done. 

Summary of the tnvention 

The main object of the present invention is to establish a secure connection 
between a wireless communication apparatus and a data communication 
15 apparatus based on a wireless application protocol. 

Another object is to enable the user to re-establish a secure at a later 
occasion, since establishing a secure connection is a heavy procedure both 
computationally and due to intensive data transfer. That is why, there is a 
20 need to use the mutually agreed master secret for a relatively long time. The 
problem is to store the master key in a secure way. Partly due to that problem, 
it is common practice to restrict the lifecycle of the master secret and the 
associated secure session to e.g., 24 hours, after which it is required to 
perform the heavy key establishment procedure a new. 



The main object is achieved in accordance with the present invention by 
connecting a wireless communication apparatus, e.g. a cellular phone, to a 
separate unit, e.g. a smart card, a SIM (Subscriber Identity Module) card, etc., 
which may store sensitive data of a secure connection. This means that the 
30 wireless communication apparatus having some kind of contact means, for 



25 
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example wireless (e.g. infra-red. radio frequency, etc.) or physical (i.e. an 
electrical contact), for receiving information from the separate unit, i.e. the unit 
is provided with memory means. The memory means comprises information 
to control an access of the wireless communication apparatus through a 
5 wireless communication network, e.g. a cellular phone network, connected to 
a data communication apparatus, e.g. a server, which supports a Wireless 
Application Protocol (WAP). 

One advantage of using a separate unit, when establishing a secure 
10 connection, is that it will be much easier to re-establish a connection to the 
data communication apparatus. Thus, it is possible to save information, e.g. 
signatures, secret keys, etc., in the memory means, and may be re-used in 
another secure connection. In order to avoid fraud, the re-use of a secure 
connection can be restricted for limited period of time. By saving this 
15 information in the memory means the second object will be achieved. 

Another advantage is that the user pays less when re-establishing a secure 
session, in case of the necessary information to re-establishing is saved. 

20 To establish a connection, the wireless communication apparatus connects to 
the separate unit, accessing the wireless communication network connected 
to said data communication apparatus. Then the wireless communication 
apparatus transmits a request to the data communication apparatus. This 
request comprises information of which pre-defined algorithm(s) the wireless 

25 communication apparatus supports. When the data communication apparatus 
receives this request, it chooses at least one algorithm, associated with a 
public key and a private key, and transmits a message back to the wireless 
communication apparatus. This message comprises the public key and 
information about which algorithm the data communication apparatus has 

30 chosen. When the wireless communication apparatus receives the message. 
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comprising the public key, it will generate a master secret code, and 
calculates a signature based on the chosen algorithm, the public key and the 
master secret code. Thereafter, the wireless communication apparatus will 
transmit a respond to the data communication apparatus. This respond 
5 comprises the calculated signature. When the data communication apparatus 
receives the respond, comprising the signature, it will calculate the master 
secret code based on the chosen algorithm, the signature received, and the 
private key. Finally, the data communication apparatus will be able to 
establish a secure connection to the wireless communication apparatus. 

10 

Further advantages of the vane arrangement according to the present 
invention will be apparent from the dependent claims. 

15 

Brief Description of the Drawing 

Fig. 1 schematically illustrates a preferred embodiment of a hand portable 
phone according to the invention. 

20 

Fig. 2 schematically shows the essential parts of a telephone for 
communication with a cellular or cordless network. 

Fig. 3 schematically shows how the secure session is set up between a client 
25 /phone and a server according to the invention. 

Fig. 4 illustrates the message structure for setting up a secure connection 
according to the invention. 



30 Detailed Description of Embodiments 
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Fig. 1 shows a preferred embodiment of a phone according to the invention, 
and it will be seen that the phone, which is generally designated by 1, 
comprises a user interface having a keypad 2, a display 3, an on/off button 4, 
a speaker 5, and a microphone 6. The phone 1 according to the preferred 
5 embodiment is adapted for communication via a cellular network, but could 
have been designed for a cordless network as well. The keypad 2 has a first 
group 7 of keys as alphanumeric keys, by means of which the user can enter 
a telephone number, write a text message (SMS), write a name (associated 
with the phone number), etc. Each of the twelve alphanumeric keys 7 is 
10 provided with a figure "0-9" or a sign "#" or respectively. In alpha mode 
each key is associated with a number of letters and special signs used in text 
editing. 



The keypad 2 additionally comprises two soft keys 8, two call handling keys 9, 
15 and a navigation key 10. 



The two soft keys 8 have a functionality corresponding to what is known from 
the phones Nokia 2110^", Nokia 81 10^'^ and Nokia 3810™. The functionality of 
the soft key depends on the state of the phone and the navigation in the menu 
20 by using a navigation key. The present functionality of the soft keys 8 is 
shown in separate fields in the display 3 just above the keys 8. 



The two call handling keys 9 according to the preferred embodiment are used 
for establishing a call or a conference call, terminating a call or rejecting an 
25 incoming call. 



The navigation key 10 is an up/down key and is placed centrally on the front 
surface of the phone between the display 3 and the group of alphanumeric 
keys 7. Hereby the user will be able to control this key with his thumb. This is 
30 the best site to place an input key requiring precise motor movements. Many 
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experienced phone users are used to one-hand handling. They place the 
phone in the hand between the finger tips and the palm of the hand. Hereby 
the thumb is free for inputting information. 

5 Fig. 2 schematically shows the most important parts of a preferred 
embodiment of the phone, said parts being essential to the understanding of 
the invention. The preferred embodiment of the phone of the invention is 
adapted for use in connection with the GSM network, but. of course, the 
invention may also be applied in connection with other phone networks, such 

10 as cellular networks and various forms of cordless phone systems or in dual 
band phones accessing sets of these systems/networks. The microphone 6 
records the user's speech, and the analog signals formed thereby are A/D 
converted in an A/D converter (not shown) before the speech is encoded in 
an audio part 14. The encoded speech signal is transferred to the controller 

15 18, which i.a. supports the GSM terminal software. The controller 18 also 
forms the interface to the peripheral units of the apparatus, including a RAM 
memory 17a and a Flash ROM memory 17b, a SIM card 16, the display 3 and 
the keypad 2 (as well as data, power supply, etc.). The controller 18 
communicates with the transmitter/receiver circuit 19. The audio part 14 

20 speech-decodes the signal, which is transferred from the controller 18 to the 
earpiece 5 via an D/A converter (not shown). 

The controller 18 is connected to the user interface. Thus, it is the controller 
18 which monitors the activity in the phone and controls the display 3 in 
25 response thereto. 

Therefore, it is the controller 18 which detects the occurrence of a state 
change event and changes the state of the phone and thus the display text. A 
state change event may be caused by the user when he activates the keypad 
30 including the navigation key 10. and this type of events is called entry events 
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or user events. However, the network communicating with the phone may 
also cause a state change event. This type of event and other events beyond 
the user's control are called non user events. Non user events comprise 
status change during call set-up, change in battery voltage, change in 
5 antenna conditions, message on reception of SMS, etc. 

An example of a tamper-resistant device is a smart card (SC). In the phone, it 
can be the Subscriber identity Module (SIM) or an external smart card. 

10 The way which a phone and a smart card interact is specified as a command- 
response protocol. The goal of this protocol is to provide means for a WAP 
handset to utilize smart cards in performing WTLS and application level 
security functions. The functionality presented here is based on the 
requirement that sensitive data, especially keys, can be stored in the card, 

15 and all operations where these key are involved can be performed in the card. 
Different classes of the cards are introduced in order to define how widely the 
functionality is implemented. 

This specification is based on IS07816 series of standards on smart cards. In 
20 particular, it uses the IS07816-8 standard (draft) [1S07816-8]. When this 
functionality is applied to GSM SIM there may be a need to extend also the 
related GSM specifications [GSM1 1 .1 1], where applicable. 

According to the invention the smart card 16 is used to enhance security of 
25 the implementation of the Security Layer and certain functions of the 
Application Layer. The smart card 16 can be used for several purposes for 
WTLS. The major purpose of the smart card 16 is to perform cryptographic 
operations during the handshake, especially when the handshake is used for 
client authentication. Furthermore the memory of the smart card 16 is used for 
30 securing a master secret, a public key and other type of confidential material 
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during long-living WTLS sessions. Finally the mennory of the smart card 16 is 
used for recording the level security of the sessions. According to the 
invention the WTLS support in a smart card 16 can be described with 
reference to the following three embodiments. 

5 

First embodiment. 

According to this embodiment, the smart card 16 is used for storage of 
permanent, typically certified, private keys and for performing operations 
using these keys. The operations includes signing operation (e.g., ECDSA or 
10 RSA) for client authentication when needed for the selected handshake 
scheme; key exchange operation using a fixed client key (e.g., ECDH key, in 
ECDH_ECDSA handshake). 



The smart card 16 is not required to perform the calculation of the master 
15 secret or operations using the master key. These calculations may 
advantageously be performed by the controller 18 of the phone. However, the 
smart card 16 may act as a persistent storage for WTLS secure session (and 
connection) data, including master secrets. In this case, master secrets would 
be calculated and used for key derivation in the volatile phone memory (the 
20 RAM 17a) but erased from there when not needed at that moment, e.g., when 
the user exits from secure WAP applications. Not storing session data 
persistently in phone 1 may improve security, e.g., in the case of a stolen 
phone 1. It also brings better usability in the case of changing the smart card 
16 from one phone 1 to another. 

25 

Additionally, for portability, the smart card 16 may store needed certificates. 
Storage of trusted root certificates (or public keys) has significance also from 
security point of view: they must not be altered - but they can be exposed 
without danger. 



30 
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Note that when public key encryption based key exchange (e.g.. RSA) is used 
according to the first embodiment of the invention, there is no advantage in 
doing public key encryption on the smart card 16 when the pre-master secret 
would anyway be returned to the phonel, for master secret calculation in the 
5 controller 18. 

When client authentication is not supported in WTLS, at the minimum, the 
smart card 16 only acts as a storage for session data. If client authentication 
is supported, the card would be able to perform a signing operation based on 
10 a private key (e.g., ECDSA or RSA) stored in the card, or key agreement 
calculation (e.g.. ECDH) based on a fixed key stored in the card. 

Second embodiment. 

According to the second embodiment, the smart card 16 is used as a tamper 
1 5 resistant device for all crypto-critical functionality: storage of all persistent keys 
and operations using these keys. Besides the operations performed according 
the first embodiment, the smart card 16 now also supports the 
calculation (ECDH key exchange) or generation (RSA key exchange) of the 
pre-master secret; calculation and storage of the master secret for each 
20 secure session; and derivation and output of key material (for MAC, 
encryption keys, IV, finished check), based on the master secret 

The phone 1 stores MAC and message encryption keys as long as they are 
currently needed. These keys have a limited lifetime which may be negotiated 
25 during the WTLS handshake - in the extreme case they are used for a single 
message only. The phone 1 has to delete the from its RAM memory 17a when 
the user exits from the secure WAP applications. These keys can always be 
derived anew from the master secret if needed. 
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An attacker who obtains a message encryption key can read as many 
messages as is agreed in the key refresh configuration (in the extreme case, 
a single message). An attacker who obtains a MAC key can impersonate the 
compromised party during as many messages as is agreed in the 
5 configuration (in the extreme case, a single message). 

Third embodiment. 

Certain specialized smart cards 16 may act as full-blown security engines for 
WTLS. This requires that the smart card 16 is equipped with its own 
10 processing unit and only uses the phone 1 as an interface to the cellular 
network during the secure session set up or the handshake procedure. 
Besides the operations according to the second embodiment, the smart card 
16 may store MAC and encryption keys for each secure connection; and 
perform MAC calculation/verification and encryption/decryption of messages. 

15 

Furthermore the smart card 16 may be responsible for the verification of 
certificates and the verification of digital signatures. 

Note that having message encryption in the smart card 16 does not 
20 necessarily bring any additional security because in any case the data is as 
plain text in the phone 1. The same is true for MAC calculation: the phone 1 
must be trusted to input and output data in a correct way. The only advantage 
here would be not having to take encryption keys out of the card 16. However, 
the keys have a limited lifetime which is negotiated during the WTLS 
25 handshake - in the extreme case they are used for single message only. 
According to the third embodiment, the smart card 16 will contain all 
algorithms so that they could be controlled by smart card issuers. 

Smartcard. 
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The term "smartcard" covers a card-like unit having some memory means in 
which some secret information identifying the card holder is stored. The 
memory means may be a magnet strip that may be read by a magnet reader, 
or it may be provided as discrete memory components as a ROM, EEPROM 
5 etc. When the user inserts the smart card in a more or less public apparatus 
he may become authorized to perform some operations such as banking 
operations. Presently the user of a GSM phone is identified by a so-called 
Subscriber Identity Module or a SIM card 16. and the structure of this type of 
smart card is defined in the GSM specification "Specification of the Subscriber 
10 Identity Module - Mobile Equipment (SIM - ME) interface", GSM 11,11 version 
5.5.0, published by European Telecommunications Standards Institute; ETSI. 
The present type of smartcards will be able to support the first embodiment 
explained above. 

15 Gemplus has recently launched a smartcard. GemXpresso RAD, based on a 
32-bit chip from Texas Instruments using ARM7 RISC core technology. This 
32 bit RISC processor has a 32 kbyte of non volatile flash memory and 8 
kbyte of ROM. When the mechanical interface of the Gemplus card is adapted 
to fulfill the GSM specification this type of smartcard will be able to support the 

20 second and the third embodiment. 

Network. 

Fig. 3 schematically shows how the secure session, i.e. a secure connection, 
between a data communication apparatus and a wireless communication 

25 apparatus, e.g. a cellular phone 1. Basically the WAP content and 
applications are specified in a set of well-known content formats based on the 
familiar WWW content formats. Content is transported using a set of standard 
communication protocols based on the WWW communication protocols. A 
browser in the phone 1 co-ordinates the user interface and is 

30 analogous to a standard web browser. 
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The wireless communication apparatus 1 is a client 1 who wants to establish 
a secure connection to a server 20,30,40, which is the data communication 
apparatus 20,20,30. The client is provided in an environment, which make it 
5 possible to reach a wide variety of different wireless platforms, e.g. world wide 
web (WWW). The environment provided may be referred to as Wireless 
Application Environment (WAE). This means that the client 1 may be 
supported by some kind of browser, e.g. a micro-browser, to access the 
different services connected to the server. In order to access these services 
10 the browser may comprise following functionalities: 

• Wireless Markup Language (WML) - a lightweight markup language, similar 
to HTML, but optimised for use in hand-held mobile terminals; 

■ WMLScript - a lightweight scripting language, similar to JavaScript™; 

• Wireless Telephony Application (WTA. WTAI) - telephony services and 
15 programming interfaces; and 

• Content Formats - a set of well-defined data formats, including images, 
phone book records and calendar information. 

The server 20 is using a wireless application protocol, and may comprise a 
20 gateway 30 and an origin server 40. The gateway 30 is also a server, which 
may identify and encrypt/decrypt information between the client 1 and the 
origin server 40. This means that the gateway is provided with encoders and 
decoders (not shown). Also, the server 20 comprises different algorithms to 
make the encryption/decryption. The encryption/decryption itself may be 
25 performed by well-known methods, e.g. RSA. Diffie-Hellman, etc. The origin 
server 40 comprises different scripts to support WAP and data to be accessed 
by the client. This data may be all kind of information, e.g. weather reports, 
news, information from stock markets, etc. 
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In order to access the server 20. from the client 1, the server has to be 
connected to a wireless comnnunication network 50, e.g. a cellular phone 
network. Therefore, in accordance with the present invention, the client is 
provided with contact means (not shown) for receiving information from a 
5 separate unit (not shown) provided with memory means. This separate unit 
may be a smart card, subscriber identity module (SIM), or the like. The 
memory means may be a random access memory (RAM), read only memory 
(ROM), or the like. Further, the memory means comprises information to 
control the access of the server 20 through the wireless communication 
10 network 50. 

To establish a secure connection, the client 1 connects to the separate unit, 
accessing the wireless communication network 50 connected to the server 20. 
Then the client 1 transmits an encrypted request 60 through the gateway 30. 

15 This encrypted request 60 comprises information of which pre-defined 
algorlthm(s) the client 1 supports. When the gateway 30 receives this 
encrypted request 60. it sends 70 the encrypted request to the origin server 
40. The origin server 40 chooses at least one algorithm, associated with a 
public key and a private key. and transmits a message 80 back to the 

20 gateway 30. The gateway encrypts the message and send it 90 to the client 1 . 
This message 90 comprises the public key and information about which 
algorithm the sender 20 has chosen. When the client 1 receives the encrypted 
message 90, comprising the public key, it will generate a master secret code, 
and calculates a signature based on the chosen algorithm, the public key and 

25 the master secret code. Thereafter, the client 1 will transmit an encrypted 
respond 65 to the gateway 30. This encrypted respond 65 comprises the 
calculated signature. When the gateway 30 receives the encrypted respond 
80. comprising the signature, it will decrypt the respond 75 and send it to the 
origin server 40. The origin server will calculate the master secret code based 

30 on the chosen algorithm, the signature received, and the private key. Finally. 
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the origin server 40 sends a final nnessage 85 to the client through the 
gateway 30. If the origin server 40 has accepted the clients 1 request 60, the 
server will be able to establish a secure connection between the origin server 
40 and the client 1 , else the connection will be terminated. 

5 

Setting up a secure connection. 

Fig. 4 illustrates the message structure for setting up a secure connection 
according to the invention. 

10 The cryptographic parameters of the secure session are produced by the 
WTLS Handshake Protocol, which operates on top of the WTLS Record 
Layer. When a WTLS client and server first start communicating, they agree 
on a protocol version, select cryptographic algorithms, optionally authenticate 
each other, and use public-key encryption techniques to generate a shared 

1 5 secret. 

The WTLS Handshake Protocol is described Wireless Transport Layer 
Security Specification dated 30. April 1998 and is a part of the Wireless 
Application Protocol. 

20 

The WTLS Handshake Protocol involves the following sequence of steps. 
When the a WAP session has been set between the phone 1 (the client) and 
the server 20 (e.g. a bank), and the client (phone 1) wants to establish a 
secure connection he sends a client hello message 100 as his first message. 

25 This message includes a key exchange list that contains the cryptographic 
key exchange algorithms supported by the client in decreasing order of 
preference. In addition, each entry defines the certificate or public key the 
client wishes to use. The server will select one or, if no acceptable choices 
are presented, return a handshake_failure alert and close the secure 

30 connection. 
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In response to the client hello nnessage 100 the server 20 will send a server 
hello message 101 when it was able to find an acceptable set of algorithms. If 
it cannot find such a match, it must respond with a handshake_failure alert. 
5 The server hello message 101 will identify the session and set up the 
parameters need for the session. 

The server 20 will furthermore transmit a server certificate message 102. The 
server certificate message 102 will always immediately follow the server hello 

10 message 101 , and the purpose of this server certificate message 102 identify 
the cryptation algorithm selected by the server from the key exchange list 
included in the client hello message 100. The server certificate message 102 
will include a so-called certificate carrying a public key for the selected 
encryption algorithm. The server certificate message 102 includes information 

15 about issuer of the certificate, the beginning and the end of the validity period, 
and parameters relevant or the public key. The server controls the validity 
period and when the granted validity period is expired the client has to renew 
the secure connection. The length of the validity period will typically be in the 
level of a week or more. The maximum number of session will also have to be 

20 defined. 



A Server Key Exchange Message 103 will be send as a third message 
immediately after the server certificate message 102. The server key 

25 exchange message 103 is optionally and will be sent by the server 20 only 
when the server certificate message102 does not contain enough data to 
allow the client 1 to exchange a pre-master secret. This message 103 
conveys cryptographic information to allow the client to communicate the pre- 
master secret: either an RSA public key to encrypt a secret with, or Elliptic 

30 Curve Diffie-Hellman parameters with which the client can complete a key 
exchange (with the result being the pre-master secret). As additional Key 
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Exchange Suites are defined for WTLS which include new key exchange 
algorithms, the server key exchange message will be sent if and only if the 
certificate type associated with the key exchange algorithm does not provide 
enough information for the client to exchange a pre-master secret. 

5 

Also a forth message - a Server Certificate message 104 - is optionally. This 
message 104 requests a certificate from the client, if appropriate for the 
selected cipher suite. This message will immediately follow the Server 
Certificate message 102 and Server Key Exchange message 103. 

10 

In order to inform the client that the server has ended of the Server Hello 
session, it transmits a Server Hello Done message 105. After sending this 
message 105 the server 20 will wait for a client response. This message 
indicates that the server 20 has send messages to support the key exchange. 
15 and that the client 20 can proceed with its phase of the key exchange. 

Upon receipt of the server hello done message the client should verify that the 
server provided a valid certificate if required and check that the server hello 
parameters are acceptable. 

20 If the server 20 asks for an Client Certificate message 107. the client 1 has to 
transmit such a after receiving a Server Hello Done message 105. This 
message is only sent if the server 20 requests a certificate. If no suitable 
certificate is available, the client must send a certificate message containing 
no certificates. If client authentication is required by the server for the 

25 handshake to continue, it may respond with a fatal handshake_failure alert. 
Client certificates are sent using the Certificate structure defined previously for 
server certificates. 

Now the phone 1 or the client starts to calculate a 20 byte random number to 
30 be used as a Master Secret 106 for the secure sessions. The master secret 
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106 is used to derive key material needed for Message Authentication Code 
(MAC) keys and data encryption keys. MAC and data encryption provide data 
integrity and privacy between communicating parties. A public key based key 
establishment is a heavy procedure both computationally and due to intensive 
5 data transfer. That is why. there is a need to use the mutually agreed master 
secret 106 for a relatively long time. 

The processor or the controller 18 of the phone 1 calculates the master 
secret. A smart card, e.g. the SIM card 16, which can be regarded as a tamper 

10 resistant device, is used for storage of the sensitive data of the secure 
session, and performing operations using that sensitive data, so that this data 
never leaves the card. In practice the secure information will be transferred 
from the SIM card 16 to the working RAM 17a of the processor 18 but these 
information will be overwritten when no session is ongoing or when the phone 

15 lis switched off. 

According to the first embodiment of the invention the controller 18 performs 
the operations needed for the key establishment, e.g., Diffie-Hellman 
calculation or RSA encryption and complementary calculations. Then the 

20 controller 18 persistently stores the resulting secret key (master secret 106) in 
the SIM card 16. Then the controller 18 performs the key derivation based on 
the master secret 106 and additional data (e.g.. seed), producing key material 
for MAC calculation and encryption. The key derivation function is security 
protocol specific. It is typically based on some secure hash function, e.g., 

25 SHA-1. 

Preferably the SIM card 16 is provided as a smart card having its own 
processor, whereby both the operations needed for performing the key 
establishment and the key derivation based on the master secret may be 
30 performed inside the smart card. Then the master secret, and data used to 
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calculate it, would never have to leave smart card. So, the secure session 
associated with the master secret can be used during a long period 

A Client Key Exchange Message 108 will immediately follow the client 
5 certificate message 107, if it is sent. OthenA/ise it will be the first message sent 
by the client 1 after it receives the Server Hello Done message 105. With this 
message 108, a pre-master secret is set, either through direct transmission of 
the RSA-encrypted secret, or by the transmission of EC Diffie-Hellman public 
key which will allow each side to agree upon the same pre-master secret. 

10 

Then the Master Secret 106 is encrypted by using the public key from the 
sen/er's certificate and the agreed RSA algorithm. The result is send to the 
server 20 in an encrypted master secret message 109. 

15 A Certificate Verify message 110 is used to provide explicit verification of a 
client certificate. This message is only sent by the client following a client 
certificate Message 107 that has signing capability (i.e.. RSA certificates). 

Both ends has to send finished messages 111 and 112 at the end of the 
20 handshake to verify that the key exchange and authentication processes were 
successful. 

The finished messages 111 and 112 is the first messages protected with the 
just-negotiated algorithms, keys, and secrets. Recipients of finished 
25 messages must verify that the contents are correct. Once a side has sent its 
Finished message and received and validated the Finished message from its 
peer, it may begin to send and receive application data 113 over the secure 
connection. It is a critical or fatal error if a finished message is not preceded 
by a change cipher spec message at the appropriate point in the handshake. 

30 
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The value hanclshake_messages includes all handshake messages starting at 
client hello up to, but not including, this finished message. The 
handshake_messages for the finished message sent by the client will be 
different from that for the finished message sent by the server, because the 
5 one which is sent second will include the prior one. 

As long as a secure connection is valid application data session 113 may be 
initiated just by using Client Hello messages 100 and Server Hello messages 
101. 



10 





Acronyms. 






APDU 


Application Protocol Data Unit 




API 


Application Programming Interface 




CA 


Certification Authority 


15 


CBC 


Cipher Block Chaining 




DF 


Dedicated File 




DH 


Diffie-Hellman 




EC 


Elliptic Curve 




ECC 


Elliptic Curve Cryptography 


20 


ECDH 


Elliptic Curve Diffie-Hellman 




ECDSA 


Elliptic Curve Digital Signature Algorithm 




EF 


Elementary File 




GSM 


Global System for Mobile Communication 




IV 


Initialization Vector 


25 


MAC 


Message Authentication Code 




ME 


Management Entity 




OS! 


Open System Interconnection 




PDU 


Protocol Data Unit 




PRF 


Pseudo-Random Function 


30 


SAP 


Service Access Point 
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SDU Service Data Unit 

SHA-1 Secure Hash Algorithm 

SIM Subscriber Identity Module 

SMS Short Message Service 

5 SSL Secure Sockets Layer 

TLS Transport Layer Security 

WAP Wireless Application Protocol 

WML Wireless Markup Language 
WMLScript Wireless Markup LanguageScript 

10 WDP Wireless Datagram Protocol 

WSP Wireless Session Protocol 

WTLS Wireless Transport Layer Security 

WTP Wireless Transaction Protocol 



15 The list above includes the acronyms used in the present text. Detailed 
discussion and explanation of the acronyms may be found in the technical 
specifications defining the Wireless Application Protocol on the Internet 
homepage for WAPFORUM, http://www.wapforum.org/. 
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CLAIMS 



1. 

5 
10 
15 
20 



Method for establishing a secure connection between a wireless 
communication apparatus and a data communication apparatus based on 
a wireless application protocol, wherein said wireless communication 
apparatus having contact means for receiving information from a separate 
unit provided with memory means, said memory means comprising 
information to control the access of the wireless communication apparatus 
through a wireless communication network connected to said data 
communication apparatus, comprising the following steps: 

- connecting said wireless communication apparatus to the separate 
unit, accessing the wireless communication network connected to said 
data communication apparatus 

- the wireless communication apparatus transmits a request to the data 
communication apparatus to establish a connection, said request 
comprising information of which pre-defined algorithm(s) the wireless 
communication apparatus supports, 

- upon reception of said request, the data communication apparatus 
choose at least one algorithm, associated with a public key and a 
private key. and transmits a message back to the wireless 
communication apparatus, said message comprising the public key 
and information about which algorithm the data communication 
apparatus has chosen, 

- upon reception of the message, comprising the public key, the wireless 
communication apparatus generates a master secret code, and 
calculates a signature based on the chosen algorithm, the public key 
and the master secret code, and transmits a respond to the data 
communication apparatus, said respond comprising the calculated 
signature, 
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- upon reception of the respond comprising the signature, the data 
communication apparatus calculates the master secret code based on 
the chosen algorithm, the signature received and the private key, and 
establish a secure connection to the wireless communication 
5 apparatus, and 

saving said master secret code on said memory means and in the data 
communication apparatus, in order to re-establish the connection at a 
later occasion. 

10 2. A method according to claim 1. and comprising a step of saving said 
master secret under a pre-defined time. 

3. A method according to claim 1 or 2, and comprising a step of re- 
establishing the connection by 

15 - transmitting a request from the wireless communication apparatus to 
the data communication apparatus, said request comprising the 
calculated signature based on the chosen algorithm, the public key and 
the stored secret key, and 

upon reception of the request, the data communication apparatus 
20 calculates the master secret code based on the chosen algorithm, the 

signature received, and the private key, and. establish a secure 
connection to the wireless communication apparatus. 

4. A method according to claim 1, 2, or 3, and comprising a step of providing 
25 said memory means in a smart card. 

5. Wireless communication apparatus for establishing a secure connection to 
a data communication apparatus based on a wireless application protocol, 
said wireless communication apparatus comprising: 



• 



wo 00/02358 



PCT/EP99/04720 



10 
15 
20 

6. 

25 7. 
8. 

30 



- communication means for establishing a connection to a wireless 
communication network connected to said data communication 
apparatus, 

- contact means for receiving information from a separate unit provided 
with memory means, said memory means is provided with information 
to control the access of the data communication apparatus through the 
wireless communication network, 

- reading means for reading information received from the data 
communication apparatus and the information provided on said 
memory means, 

- random generating means, for generating a master secret code, 

- pre-defined algorithm(s), to generate a signature based on said master 
secret code and a public key received from said data communication 
apparatus, which is to be used when the wireless communication 
apparatus is going to establish a secure connection to the data 
communication apparatus, and 

- said reading means comprising a secure database provided with at 
least one master secret code and/or at least one signature related to 
one or more data communication apparatus, in order to re-establish a 
secure connection to a data communication apparatus. 

A wireless communication apparatus according to claim 5. having its 
memory means exchangeable. 

An apparatus according to claim 5 or 6, said memory means is a smart 
card. 

An apparatus according to claim 5, 6, or 7, said memory means is a 
subscriber identity module. 
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9. Memory card for establishing a secure connection between a wireless 
communication apparatus and a data communication apparatus based on 
a wireless application protocol, arranged to be connected to said wireless 
communication apparatus having contact means for receiving information 

5 from the memory card, and said memory card is provided with information 
to control the access of the data communication apparatus through a 
wireless communication network. 

10. A memory card according to claim 9. further comprising encryption means 
10 for encrypting the master secret, which is to be used as a signature for the 

wireless communication apparatus when it is establishing a secure 
connection. 

11. A memory card according to claim 9 or 10, comprising a secure database 
15 provided with at least one master secret code and/or at least one signature 

related to one or more data communication apparatus, in order to re- 
establish a secure connection to a data communication apparatus. 

12. A memory card according to claim 9. 10, or 11, is provided on a smart 
20 card. 

13. System for establishing a secure connection when using a wireless 
application protocol, comprising: 

- a data communication apparatus based on the wireless application 
25 protocol, 

- a wireless communication network, connected to said data 
communication apparatus. 

- a wireless communication apparatus having contact means for 
receiving information from a separate unit provided with memory 

30 means, and 
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- the separate unit provided with the memory means, said memory 
means, comprising information to control the access of the wireless 
communication apparatus through the wireless communication 
network, wherein 

5 - the wireless communication apparatus is arranged to transmit a 
request to the data communication apparatus to establish a 
connection, said request comprising information of which pre-defined 
algorithm(s) the wireless communication apparatus supports, 

- upon reception of said request, the data communication apparatus is 
10 arranged to choose at least one algorithm, associated with a public key 

and a private key, and to transmit a message back to the wireless 
communication apparatus, said message comprising the public key 
and information about which algorithm the data communication 
apparatus will choose, 

15 - upon reception of said message, comprising the public key. the 
wireless communication apparatus is arranged to generate a master 
secret code, to calculate a signature based on the chosen algorithm, 
the public key and the master secret code, and to transmit a respond to 
the data communication apparatus, said respond comprising the 

20 calculated signature, 

- upon reception of the respond comprising the signature, the data 
communication apparatus is arranged to calculate the master secret 
code based on the chosen algorithm, the signature received, and the 
private key, and, thus establish a secure connection to the wireless 

25 communication apparatus, and 

- said memory means and the data communication apparatus are 
arranged to save said master secret code, in order to re-establish the 
connection at a later occasion. 
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14. A system according to claim 13, said master secret is arranged to be 
saved under a pre-defined time. 



15. A system according to claim 13, or 14, said memory means is a smart 
5 card. 
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1 .4,6-8,1 1 -21 as originally filed 
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1 -24 as received on 05/08/2000 with letter of 28/07/2000 

Drawings, sheets: 

1/2,2/2 as originally filed 

2. The amendments have resulted in the cancellation of: 

□ the description, pages; 

□ the claims, Nos.: 

□ the drawings, sheets: 

3. H This report has been established as if (some of) the amendments had not been made, since they have been 

considered to go beyond the disclosure asiUed (Rule 70.2(c)): 

see separate sheet 

4. Additional observations, if necessary: 
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1. 



Statement 



Novelty (N) 



Yes: 
No: 



Claims 
Claims 



1-14, 19-22, 24 
15-18, 23 



Inventive step (IS) 



Yes; 
No: 



Claims 
Claims 



1-12, 19-21 
15-18, 22-24 



Industrial applicability (lA) Yes: Claims 1-24 

No: Claims 

2. Citations and explanations 
see separate sheet 

VII. Certain defects in the international application 

The following defects in the fomn or contents of the intemational application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 
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Re Item I 

Basis of the report 

1 The amendments made to claims 1, 5, 14, 19 (corresponding to original claim 13), 
22, and 24 go beyond the international application as originally filed. 

1.1 In particular, new claims 1, 5, and 19 now contain the formulation "memory means 
including a separate unit", wherein the memory means forms part of the wireless 
communication apparatus. This differs from the wording in the respective original 
claims 1, 5, and 13 where the formulation "a separate unit provided with memory 
means" was used. Whereas the original wording finds support in the original 
description, this is not the case for the amended wording since the new wording 
teach that memory means are present in the wireless communication apparatus 
and that these memory means in turn include a separate unit. Clearly, the latter 
feature has not been disclosed in the international application as originally filed, 
be it explicitly or implicitly having particular regard to figure 2, boxes 16 and 17 
(see the International Preliminary Examination Guidelines VI-7.9). 

1 .2 The additional feature of claim 1 4 calls for a wireless application apparatus which 
does not include a smart card, i.e. a separate unit. However, the original descrip- 
tion on page 3, line 26 to page 4, line 7 specifies that, according to the invention, a 
smart card must be present. Claim 14 goes beyond the original disclosure by 
excision of essential features of the invention (see the International Preliminary 
Examination Guidelines VI-7.9). 

1.3 The subject-matter of claim 22 includes "means for retrieving access information 
..." and "means for retrieving a signature ..." which have not been disclosed as 
such in the international application as originally filed. Rather, the description on 
page 3, line 26 to page 4, line 7 calls for a separate unit being connected to the 
wireless communication apparatus, which unit comprises a memory in which is 
stored control information. Claim 22 goes beyond the original disclosure by 
excision of essential features of the invention (see the International Preliminary 
Examination Guidelines VI-7.9). 

1.4 The subject-matter of claim 22 includes "memory means provided with information 
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to control ..." which have not been disclosed as such in the international applica- 
tion as originally filed. Rather, the description on page 3, line 26 to page 4. line 7 
calls for a separate unit being connected to the wireless communication appara- 
tus, which unit comprises a memory in which is stored control information. Claim 
22 goes beyond the original disclosure by alteration of essential features of the 
invention (see the International Preliminary Examination Guidelines VI-7.9). 

2 Therefore, the international preliminary examination report is established as if the 
amendments had not been made (Rule 70.2 (c) PCT; also see the International 
Preliminary Examination Guidelines VI-7.8). 

Re Item V 

Reasoned statement under Rule 66.2 (a) (ii) with regard to novelty, inventive step 
or industrial applicability; citations and explanations supporting such statement 

3 Reference is made to the following document: 

D1: WO 97 24831 A (MCI COMMUNICATIONS CORPORATION) 10 July 
1997 

4 The subject-matter of claims 1, 5, and 19, as far as their features are disclosed in 
the international application as originally filed (see Re Item I above), appears to be 
novel and to involve an inventive step. 

4.1 Claim 1 concerns a method for establishing a secure connection between a 
wireless communication apparatus and a data communication apparatus. 

Closest prior art is document D1 which describes a communications system, 
which may also be a wireless communications system, in a which a master key is 
stored in a smart card. 

The subject-matter of claim 1 is based on the problem to provide a master key to 
a separate unit of a secure communications system. 

The problem is solved by having the wireless communication apparatus generate 
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a master secret code and having it then saved on the separate unit, which is 
connected to the wireless communication apparatus via contact means. 

The solution is not disclosed or suggested by the prior art. Therefore, the subject- 
matter of claim 1 appears to be novel and to involve an inventive step. 

4.2 Claim 5 is a representation of method claim 1 in terms of features of a wireless 
communication apparatus. Therefore, the above arguments with respect to 
novelty and obviousness of the subject-matter of claim 1 similarly apply to claim 5 
Consequently, the subject-matter of claim 5 also appears to be novel and to 
involve an inventive step. 

4.3 Claim 19 is a representation of method claim 1 in terms of features of a system for 
establishing. Therefore, the above arguments with respect to novelty and obvious- 
ness of the subject-matter of claim 1 similarly apply to claim 19 Consequently, the 
subject-matter of claim 19 also appears to be novel and to involve an inventive 



5 Dependent claims 2 to 4. 6 to 13, and 20 to 21 refer to independent claims (as far 
as these are disclosed; see Re Item I above) which appear to be novel and to 
involve an inventive step. Therefore, the subject-matter of claims 2 to 4, 6 to 13, 
and 20 to 21 also appears to be novel and to involve an inventive step. 

6 The subject-matter of claims 15 (corresponding to original claim 9) and 23 
appears not to be novel over the disclosure of document D1 in the sense of Article 
33 (2) PCT. 

6.1 Document D1 discloses, in terms of claim 15, a memory card (see page 4, lines 5 
to 9) for establishing a secure connection between a wireless communication 
apparatus and a data communication apparatus based on a wireless application 
protocol, arranged to be connected to contact means, provided on said wireless 
communication apparatus (see page 6, lines 9 to 19), for providing information 
from the memory card to the wireless communication apparatus, said information 
is arranged to control the access of the data communication apparatus through a 
wireless communication network (see page 2, lines 16 to 18), and to save a 



step. 
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calculated master secret related to one or more data communication apparatus, in 
order to re-establish a secure connection to a data communication apparatus (see 
page 4, lines 5 to 7). 

6.2 Since all features of claim 15 are known in combination from document D1, the 
subject-matter of claim 15 appears not to be novel (Article 33 (2) PCT). 

6.3 Claim 23 effectively relates to the same subject-matter as claim 15 and differs 
therefrom only with regard to the definition of the subject-matter or the terminology 
used (see Re Item VIII below). Therefore, the above arguments regarding lack of 
novelty of the subject-matter of claim 15 similarly apply to claim 23. Consequently, 
the subject-matter of claim 23 also appears not to be novel (Article 33 (2) PCT). 

7 The additional features of claims 16 to 18 do not lead to subject-matter which 
would appear both to be novel and to involve an inventive step. 

7.1 The additional feature of claim 16 is also disclosed in document D1 (see page 1 1, 
lines 13 to 15, and lines 23 to 26). Therefore, the subject-matter of claim 10 also 
appears not to be novel. 

7.2 The additional feature of claim 17 is also disclosed in document D1 (see page 5, 
lines 3 to 9). Therefore, the subject-matter of claim 1 1 also appears not to be 
novel. 

7.3 The additional feature of claim 18 is also disclosed in document D1 (see page 1, 
lines 9 to 19). Therefore, the subject-matter of claim 12 also appears not to be 
novel. 

8 The subject-matter of claims 14, 22, and 24, as far as their features are disclosed 
in the international application as originally filed (see Re Item I above), are matters 
of normal design procedure. Therefore, the subject-matter of claims 14, 22, and 
24 appear not to involve an inventive step. 

9 The industrial applicability of the subject-matter of all the claims is beyond any 
doubt. 
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Re Item VII 

Certain defects in the international application 

10 Independent claims 1, 5. 15, 19, and 22 to 24 are not in the two-part form in 
accordance with Rule 6.3 (b) PCX, which in the present case would be appropri- 
ate, with those features known in combination from the prior art document D1 
being placed in a preamble (Rule 6.3 (b) (i) PCT) and with the remaining features 
(in particular the features of generation of a master secret code in the wireless 
communication apparatus, calculation of the master secret code in the data 
communication apparatus, and saving the master secret code on the memory 
means) being included in a characterising part (Rule 6.3 (b) (ii) PCT). 

1 1 Reference signs in parentheses should have been inserted in all the claims to 
increase their intelligibility, Rule 6.2 (b) PCT. This applies to both the preamble 
and characterising portion (see also PCT International Preliminary Examination 
Guidelines 1 1 1-4.1 1). Where a method claim makes reference to apparatus 
features, these should also have been accompanied by the respective reference 
signs wherever appropriate. 

12 Contrary to the requirements of Rule 5.1 (a) (ii) PCT, the relevant background art 
disclosed in the document D1 is not mentioned in the description, nor is this 
document identified therein. The document D1 should therefore have been 
mentioned in the introductory portion of the description (see also PCT Interna- 
tional Preliminary Examination Guidelines 11-4.4). 

Re Item VIII 

Certain observations on the international application 

13 Although claims 5, 22, and 24, directed to a wireless communication apparatus, 
respectively, and claims 15 and 23, directed to a memory card, respectively, have 
been drafted as separate independent claims, they appear to relate effectively to 
the same subject-matter and to differ from each other only with regard to the 
definition of the subject-matter for which protection is sought or in respect of the 
terminology used for the features of that subject-matter. The aforementioned 
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claims therefore lack conciseness. Moreover, lack of clarity of the claims as a 
whole arises, since the plurality of independent claims makes it difficult, if not 
impossible, to determine the matter for which protection is sought, and places an 
undue burden on others seeking to establish the extent of the protection. 

Hence, claims 5, 22, and 24, and claims 15 and 23, do not meet the requirements 
of Article 6 PCT. An amended set of claims defining the relevant subject-matter in 
terms of a single independent claim in each category followed by dependent 
claims covering features which are merely optional should have been filed (Rule 
6.4 PCT). 

14 Claims 1, 5, 19, 22, and 24 are not clear in the sense of Article 6 because they 
lack an essential feature. According to the description on page 3, line 26 to page 
4, line 3, and on page 14, lines 3 to 5, it is an essential feature of the invention 
that the wireless communication apparatus is provided with contact means. 
However, this feature is absent from all of claims 1, 5, 19, 22, and 24 rendering 
them not clear (see also the International Preliminary Examination Guidelines III- 
4.3). Clear claims should have been filed. 

15 Claims 1, 5, and 19 are not clear in the sense of Article 6 PCT in that they are not 
consistent with the description. According to claims 1 , 5, and 19, the generation of 
a master secret code is performed by the wireless communication apparatus. 
However, according to the description on page 10, line 13 to page 11, line 27 
relating to the second and third embodiments of the invention, the generation of 
the master key is performed in the separate unit, i.e. the smart card (particularly 
see page 10, lines 16 to 19, and page 1 1, lines 8 to 14). Therefore, the second 
and third embodiments do not fall under scope of claims 1, 5, and 19 rendering 
these claims not clear in the sense of Article 6 PCT (see also the International 
Preliminary Examination Guidelines III-4.3 "Another form of inconsistency ..."). It 
should have been indicated in the description that the second and third embodi- 
ments are not embodiments according to the invention. 

16 Claim 5 is not clear in the sense of Article 6 PCT in that it tries to define a wireless 
communication apparatus using features which do not belong to the apparatus. In 
particular, claim 5 includes a limitation with respect to the memory means (".., is 
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provided with information to control the access ,..") which does not form part of the 
apparatus but is only associated with the claimed apparatus when it is in use (see 
also claim 15 defining the very same feature for the memory card). Clarification 
would have been required (see also the International Preliminary Examination 
Guidelines lll-4.8a). 

17 New claim 13 is not clear in the sense of Article 6 PCX because it is formulated as 
a dependent claim where the base claims are of a different category. Further- 
more, claim 13 does not provide an additional teaching whatsoever. 
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US-A-5.307,411 describe the set up of a secure communication session 
between two communication units, such as phones or facsimile machines. 
The secure session is controlled by separate smart cards based verification 
units associated with a respective one of the communication units. These two 
5 verification units exchanges random number, encrypts these numbers by 
using private keys, returns the encrypted random numbers to their origin. 
Then the encrypted random number is decrypted based on public keys. If the 
received numbers corresponds to the transmitted numbers, the parties verifies 
each other an the secure session may take place. However, this requires that 

10 both communication units are provided with a smart card reader, which is not 
a necessary requirement in a serv^er. like e.g. an Internet server. Thus, this 
document is quite restricting for the user, since it requires that both parties 
have a smart card reader, and is less suitable for communication between a 
wireless communication apparatus and a data communication apparatus. 

15 Also, every time a session Is going to be established between the two 
communication apparatuses, an exchange of keys must be done. 

Also, US-A-5.371,794, by Sun Microsystems, discloses a way to providing a 
secure wireless communication link between a mobile nomadic device and a 

20 base computing unit. The mobile device sends a host certificate to the base 
along with a randomly chosen challenge value (CHI) and a list of supported 
shared key algorithms. The base sends random number (RN1) encrypted in 
the mobile's public key and an identifier for the chosen algorithm back to Jhe 
mobile. The base saves the RN1 value and adds the CHI value and the 

25 chosen algorithm to the mobile. The mobile verifies under the public key of the 
base the signature on the message. When the public key is verified, the 
mobile determines the value of RN1 by decrypting the public key under the 
private key of the mobile. The mobile then generates RN2 and a session key, 
and encrypts RN2 under the public key of the base to the base. The base 

30 verifies and decrypting the RN2. and determines the session key. Finally, the 
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mobile and the base can enter a data transfer phase using encrypted data 
which is decrypted using the session key which is RN1 + RN2. The values of 
RN1 and RN2 are always derived from the last key exchange, which may be 
from the initial connection setup or from the last key change message, 

5 whichever is more recent. This means that each time a data transfer is made, 
two new numbers is generated based on RN1 and RN2, which will make the 
data transfer quite slow. Thus, as in US- A-5. 307,41 1 , every time a session is 
going to* be established between the two apparatuses, in this case the mobile 
nomadic device and the base computing unit, an exchange of keys must be 

10 done. 

Summary of the invention 

The main object of the present invention is to establish a secure connection 
between a wireless communication apparatus and a data communication 
15 apparatus based on a wireless application protocol. 

Another object is to enable the user to re-establish a secure at a later 
occasion, since establishing a secure connection is a heavy procedure both 
computationally and due to intensive data transfer. That is why, there is a 
20 need to use the mutually agreed master secret for a relatively long time. The 
problem is to store the master key in a secure way. Partly due to that problem, 
it is common practice to restrict the lifecycle of the master secret and the 
associated secure session to e.g., 24 hours, after which it is required to 
perform the heavy key establishment procedure a new. 

25 

The main object is achieved in accordance with the present invention by 
connecting a wireless communication apparatus, e.g. a cellular phone, to a 
separate unit, e.g. a smart card, a SIM (Subscriber Identity Module) card, etc., 
which may store sensitive data of a secure connection. This means that the 
30 wireless communication apparatus having some kind of contact means, for 
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comprising the public key, it will generate a nnaster secret code, and 
calculates a signature based on the chosen algorithm, the public key and the 
master secret code. Thereafter, the wireless communication apparatus will 
transmit a respond to the data communication apparatus. This respond 
5 comprises the calculated signature. When the data communication apparatus 
receives the respond, comprising the signature, it will calculate the master 
secret code based on the chosen algorithm, the signature received, and the 
private -key. Finally, the data communication apparatus will be able to 
establish a secure connection to the wireless communication apparatus, 

10 

Further advantages of the vane arrangement according to the present 
invention will be apparent from the dependent claims. 

15 

Brief Description of the Drawing 



Fig. 1 schematically illustrates a preferred embodiment of a hand portable 
phone according to the invention. 

20 

Fig. 2 schematically shows the essential parts of a telephone for 
communication with a cellular or cordless network. 

Fig. 3 schematically shows how the secure session is set up between a client 
25 /phone and a server according to the invention. 

Fig. 4 illustrates the message stmcture for setting up a secure connection 
according to the invention. 



30 Detailed Description of Embodiments 
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during long-living WTLS sessions. Finally the nnemory of the smart card 16 is 
used for recording the level security of the sessions. According to the 
invention the \A/TLS support in a smart card 16 can be described with 
reference to the following three embodiments. 

5 

First embodiment. 

According to this embodiment, the smart card 16 is used for storage of 
permanent, typically certified, private keys and for performing operations 
using these keys. The operations includes signing operation (e.g., ECDSA or 
10 RSA) for client authentication when needed for the selected handshake 
scheme; key exchange operation using a fixed client key (e.g., ECDH key, in 
ECDH_ECDSA handshake). 

The smart card 16 is not required to perform the calculation of the master 
15 secret or operations using the master key. These calculations may 
advantageously be performed by the controller 18 of the phone. However, the 
smart card 16 may act as a persistent storage for WTLS secure session (and 
connection) data, including master secrets. In this case, master secrets would 
be calculated and used for key derivation in the volatile phone memory (the 
20 RAM 17a) but erased from there when not needed at that moment, e.g., when 
the user exits from secure WAP applications. Not storing session data 
persistently in phone 1 may improve security, e.g., in the case of a stolen 
phone 1 . It also brings better usability in the case of changing the smart card 
1 6 from one phone 1 to another. 

25 

Additionally, for portability, the smart card 16 may store needed certificates. 
Storage of trusted root certificates (or public keys) has significance also from 
security point of view: they must not be altered - but they can be exposed 
without danger. 

30 
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Note that when public key encryption based key exchange (e.g.. RSA) is used 
according to the first embodiment of the invention, there is no advantage in 
doing public key encryption on the smart card 16 w/hen the pre-master secret 
would anyway be returned to the phonel. for master secret calculation in the 
controller 18. 

When client authentication is not supported in WTLS. at the minimum, the 
smart card 16 only acts as a storage for session data. If client authentication 
is supported, the card would be able to perform a signing operation based on 
a private key (e.g., ECDSA or RSA) stored in the card, or key agreement 
calculation (e.g., ECDH) based on a fixed key stored in the card. 

Second embodiment. 

According to the second embodiment, the smart card 16 is used as a tamper 
resistant device for all crypto-critical functionality: storage of all persistent keys 
and operations using these keys. Besides the operations performed according 
the first embodiment, the smart card 16 now also supports the 
calculation (ECDH key exchange) or generation (RSA key exchange) of the 
pre-master secret; calculation and storage of the master secret for each 
secure session; and derivation and output of key material (for MAC. 
encryption keys, IV, finished check), based on the master secret 

The phone 1 stores MAC and message encryption keys as long as they 'Sre 
currently needed. These keys have a limited lifetime which may be negotiated 
during the WTLS handshake - in the extreme case they are used for a single 
message only. The phone 1 has to delete the from its RAM memory 1 7a when 
the user exits from the secure WAP applications. These keys can always be 
derived anew from the master secret if needed. 
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CLAIMS 

1. Method for establishing a secure connection between a wireless 
communication apparatus and a data communication apparatus based on 
5 a wireless application protocol, wherein said wireless communication 
apparatus having contact means for receiving information from a separate 
unit provided with memory means, said memory means comprising 
information to control the access of the wireless communication apparatus 
through a wireless communication network connected to said data 
10 communication apparatus, comprising the following steps: 

- connecting said wireless communication apparatus to the. separate 
unit, accessing the wireless communication network connected to said 
data communication apparatus 

- the wireless communication apparatus transmits a request to the data 
15 communication apparatus to establish a connection, said request 

comprising information of which pre-defined algorithm(s) the wireless 
communication apparatus supports. 

- upon reception of said request, the data communication apparatus 
choose at least one algorithm, associated with a public key and a 

20 private key, and transmits a message back to the wireless 

communication apparatus, said message comprising the public key 
and information about which algorithm the data communication 
apparatus has chosen, ^ 

- upon reception of the message, comprising the public key, the wireless 
25 communication apparatus generates a master secret code, and 

calculates a signature based on the chosen algorithm, the public key 
and the master secret code, and transmits a respond to the data 
communication apparatus, said respond comprising the calculated 
signature, 
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- upon reception of the respond comprising the signature, the data 
communication apparatus calculates the master secret code based on 
the chosen algorithm, the signature received and the private key, and 
establish a secure connection to the wireless communication 

5 apparatus, and 

- saving said master secret code on said memory means and in the data 
communication apparatus, in order to re-establish the connection at a 
l^ter occasion, 

10 2. A method according to claim 1, and comprising a step of saving said 
master secret under a pre-defined time. 

3. A method according to claim 1 or 2, and comprising a step of re- 
establishing the connection by 

- transmitting a request from the wireless communication apparatus to 
the data communication apparatus, said request comprising the 
calculated signature based on the chosen algorithm, the public key and 
the stored secret key, and 

upon reception of the request, the data communication apparatus 
calculates the master secret code based on the chosen algorithm, the 
signature received, and the private key, and, establish a secure 
connection to the wireless communication apparatus. 

4. A method according to claim 1, 2, or 3. and comprising a step of providing 
25 said memory means in a smart card. 

5. Wireless communication apparatus for establishing a secure connection to 
a data communication apparatus based on a wireless application protocol, 
said wireless communication apparatus comprising: 



15 



20 
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- cximmunication means for establishing a connection to a wireless 
communication network connected to said data communication 
apparatus, 

- contact means for receiving information from a separate unit provided 
5 with memory means, said memory means is provided with Information 

to control the access of the data communication apparatus through the 
wireless communication network, 

- reading means for reading information received from the data 
communication apparatus and the information provided on said 

10 memory means, 

- random generating means, for generating a master secret code. 

- pre-defined algorithm(s). to generate a signature based on said master 
secret code and a public key received from said data communication 
apparatus, which is to be used when the wireless communication 

15 apparatus is going to establish a secure connection to the data 

communication apparatus, and 

- said reading means coniprising a secure database provided with at 
least one master secret code and/or at least one signature related to 
one or more data communication apparatus, in order to re-establish a 

20 secure connection to a data communication apparatus. 

6. A wireless communication apparatus according to claim 5, having its 
memory means exchangeable. ^ 

25 7. An apparatus according to claim 5 or 6, said memory means is a smart 
card. 

8. An apparatus according to claim 5. 6. or 7. said memory means is a 
subscriber identity module. 

30 
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9. Memory card for establishing a secure connection between a wireless 
communication apparatus and a data communication apparatus based on 
a wireless application protocol, arranged to be connected to said wireless 
communication apparatus having contact means for receiving information 

5 from the memory card, and said memory card is provided with information 
to control the access of the data communication apparatus through a 
wireless communication network. 

10. A memory card according to claim 9, further comprising encryption means 
10 for encrypting the master secret, which is to be used as a signature for the 

wireless communication apparatus when it is establishing a secure 
connection. 

11. A memory card according to claim 9 or 10, comprising a secure database 
1 5 provided with at least one master secret code and/or at least one signature 

related to one or more data communication apparatus, in order to re- 
establish a secure connection to a data communication apparatus. 

12. A memory card according to claim 9, 10, or 11. is provided on a smart 
20 card. 

13. System for establishing a secure connection when using a wireless 
application protocol, comprising: 

- a data communication apparatus based on the wireless application 
25 protocol. 

- a wireless communication network, connected to said data 
communication apparatus. 

- a wireless communication apparatus having contact means for 
receiving information from a separate unit provided with memory 

30 means, and 
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- the separate unit provided with the memory means, said memory 
means, comprising information to control the access of the wireless 
communication apparatus through the wireless communication 
network, wherein 

5 - the wireless communication apparatus is arranged . to transmit a 
request to the data communication apparatus to establish a 
connection, said request comprising information of which pre-defined 
algorithm(s) the wireless communication apparatus supports, 

- upon reception of said request, the data communication apparatus is 
10 arranged to choose at least one algorithm, associated with a public key 

and a private key. and to transmit a message back to the wireless 
communication apparatus, said message comprising the public key 
and information about which algorithm the data communication 
apparatus will choose, 

15 - upon reception of said message, comprising the public key. the 
wireless communication apparatus is arranged to generate a master 
secret code, to calculate a signature based on the chosen algorithm, 
the public key and the master secret code, and to transmit a respond to 
the data communication apparatus, said respond comprising the 

20 calculated signature. 

- upon reception of the respond comprising the signature, the data 
communication apparatus is arranged to calculate the master secret 
code based on the chosen algorithm, the signature received, and 4he 
private key. and, thus establish a secure connection to the wireless 

25 communication apparatus, and 

- said memory means and the data communication apparatus are 
arranged to save said master secret code, in order to re-establish the 
connection at a later occasion. 
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14. A system according to claim 13, said master secret is arranged to be 
saved under a pre-defined time. 



15- A system according to claim 13, or 14. said memory means is a smart 
card. 
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US-A-5,307,41 1 describes the set up of a secure communication session 
between two communication units, such as phones or facsimile machines. 
The secure session is controlled by separate smart cards based verification 
units associated with a respective one of the communication units. These two 

5 verification units exchange random number, encrypt these numbers by using 
private keys, and return the encrypted random numbers to their origin. Then 
the encrypted random number is decrypted based on public keys. If the 
received numbers correspond to the transmitted numbers, the parties verify 
each other and the secure session may take place. However, this requires 
10 that both communication units are provided with a smart card reader, which is 
not a necessary requirement in a server, like e.g. an Internet server. Thus, 
this document is quite restricting for the user, since it requires that both 
parties have a smart card reader, and is less suitable for communication 
between a wireless communication apparatus and a data* communication 

15 apparatus. Also, every time a session is going to be established between the 
two communication apparatuses, an exchange of keys must be done. 

Also, US-A-5,371,794, by Sun Microsystems, discloses a way to providing a 
secure wireless communication link between a mobile nomadic device and a 
20 base computing unit. The mobile device sends a host certificate to the base 
along with a randomly chosen challenge value (GH1) and a list of supported 
shared key algorithms. The base sends random number (RN1) encrypted in 
the mobile's public key and an identifier for the chosen algorithm back to the 
mobile. The base saves the RN1 value and adds the CHI value and the 
25 chosen algorithm to the mobile. The mobile verifies under the public key of the 
base the signature on the message. When the public key is verified, the 
mobile determines the value of RN1 by decrypting the public key under the 
private key of the mobile. The mobile then generates RN2 and a session key, 
and encrypts RN2 under the public key of the base to the base. The base 
30 verifies and decrypting the RN2, and determines the session key. Finally, the 
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mobile and the base can enter a data transfer phase using encrypted data 
which is decrypted using the session key which is RN1 + RN2. The values of 
RN1 and RN2 are always derived from the last key exchange, which may be 
from the initial connection setup or from the last key change message, 

5 whichever is more recent. This means that each time a data transfer is made, 
two new numbers are generated based on RN1 and RN2, which will make the 
data transfer quite slow. Thus, as in US-A-5,307,41 1 , every time a session is 
going to be established between the two apparatuses, in this case the mobile 
nomadic device and the base computing unit, an exchange of keys must be 

10 done. 

Summary of the Invention 

The main object of the present invention is to establish a secure connection 
between a wireless communication apparatus and a data communication 
15 apparatus based on a wireless application protocol. 

Another object is to enable the user to re-establish a secure, connection at a 
later occasion, since establishing a secure connection is a heavy procedure 
both computationally ^a'nd^due to intensive data transfer. That is why, there is a 
20 need to use the mutually agreed master secret for a relatively long time. The 
problem is to store the master key in a secure way. Partly due to that problem, 
it is common practice to restrict the lifecycle of the master secret and the 
associated secure session to e.g., 24 hours, after which it is required to 
perform the heavy key establishment procedure anew, 

25 

The main object is achieved in accordance with the present invention by 
connecting a wireless communication apparatus, e.g. a cellular phone, to a 
separate unit, e,g, a smart card, a SIM (Subscriber Identity Module) card, etc, 
which may store sensitive data of a secure connection. This means that the 
30 wireless communication apparatus having some kind of contact means, for 



AMENDED SHEET 



05-0.8-2000. ^ ^ V EP 009904720 



5 

comprising the public key, it will generate a master secret code, and 
calculates a signature based on the chosen algorithm, the public key and the 
master secret code. Thereafter, the wireless communication apparatus will 
transmit a respond to the data communication apparatus. This respond 
5 comprises the calculated signature. When the data communication apparatus 
receives the respond, comprising the signature, it will calculate the master 
secret code based on the chosen algorithm, the signature received, and the 
private key. Finally, the data communication apparatus will be able to 
establish a secure connection to the wireless communication apparatus, 

10 

In accordance with a first aspect of the present Invention there is provided a 
method for establishing a secure connection between a wireless 
communication apparatus and a data communication apparatus based on a 
wireless application protocol, wherein said wireless communication apparatus 
15 has memory means including a separate unit comprising information to 
control the access of the wireless communication apparatus through a 
wireless communication network connected to said data communication 
apparatus, comprising the following steps: connecting said wireless 
communication apparatus to the separate unit, accessing the wireless 
20 communication network connected to said data communication apparatus 

the wireless comrnunication apparatus ^.transmits a request to the data 
communication appaijatus-to establish a connection, said request comprising 
information of which pre-defined algorithm(s) the wireless communication 
apparatus supports, upon reception of said request, the data communication 
25 apparatus chooses at least one algorithm associated with a public and a 
private key, and transmits a message back to the wireless communication 
apparatus, said message comprising the public key and information about 
which algorithm the data communication apparatus has chosen, upon 
reception, of the message, comprising the public key, the wireless 
30 communication apparatus generates a master secret code, and calculates a 
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signature based on -the chosen algorithm, the public key and the master 
secret code, and transmits a response to the data communication apparatus, 
said response comprising the calculated signature, upon reception of the 
respond comprising the signature, the data communication apparatus 
calculates the master secret code based on the chosen algorithm, the 
signature received and the private key, and establish a secure connection to 
the wireless communication apparatus, and saving said master secret code 
on said memory means and in the data communication apparatus, in order to 
re-establish the connection at a later occasion. 

According to a second aspect of the present Invention there is provided 
wireless communication apparatus for establishing a secure connection to a 
data communication apparatus based on a wireless application protocol, said 
wireless communication apparatus comprising: communication means for 
establishing a connection to a wireless communication network connected to 
said data communication apparatus, memory means including a separate unit 
provided with information to control the access of the data communication 
apparatus through the wireless communication networi^, means for generating 
a master secret code control means arranged to use a pre-defined 
algorithm(s) for generating a signature based on said master secret code and 
a public key received from said data communication apparatus, for use when 
the wireless communication apparatus establishes a secure connection to the 
data communication apparatus, said memory means comprising a secure 
database for storing at least one master secret code and/or at least one 
signature related to one or more data communication apparatus, in order to 
re-establish a secure'eorinection to a data communication apparatus. 

According to a third aspect of the present invention there is provided memory 
card for establishing a secure connection between a wireless communication 
apparatus and a data communication apparatus based on a wireless 
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application protocol, arranged to be connected to contact means, provided on 
said wireless communication apparatus, for providing information from the 
memory card to the wireless communication apparatus upon establishing a 
secure session to a/data communication apparatus, said information is 
arranged to control the access of the data communication apparatus through 
a wireless communication network, and to save a calculated master secret 
related to one or more data communication apparatus, in order to re-establish 
a secure connection to a data communication apparatus. 

Further advantages of the vane arrangement according to the present 
invention will be apparent from the dependent claims. 

Brief Description of the Drawing 

Fig. 1 schematically illustrates a preferred embodiment of a hand portable 
phone according to the invention. 

Fig. 2 schematically shows the essential parts of a telephone for 
communication with a cellular or cordless network. 

Fig. 3 schematically shows how the secure session is set up between a client 
/phone and a server according to the invention. 

Fig. 4 illustrates the message stmcture for setting up a secure connection 
according to the invention. 

Detailed Description of Embodiments 
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during long-living WTLS sessions. Finally the memory of the smart card IB is 
used for recording the level security of the sessions. According to the 
invention the WTLS support in a smart card 16 can be described with 
reference to the following three embodiments. 

First embodiment. ^ ' ^ ' 

According to this embodiment the smart card 16 is used for storage of 
permanent, typically certified, private keys and for performing operations 
using these keys. The operations include signing operations (e.g., ECDSA or 
RSA) for client authentication when needed for the selected handshake 
scheme; key exchange operations using a fixed client key (e.g., ECDH key, in 
ECDH^ECDSA handshake). 

The smart card 16 is not required to perform the calculation of the master 
15 secret or operations using the master key. These calculations may 
advantageously be performed by the controller 18 of the phone. However, the 
smart card 16 may act as a persistent storage for WTLS secure session (and 
connection) data, including master secrets. In this case, master secrets would 
be calculated and used for key derivation in the volatile phone memory (the 
20 RAM 17a) but erased from there when not needed at that moment, e.g., when 
the user exits from secure WAP applications. Not storing session data 
persistently in phone 1 may improve security, e.g., in the case of a stolen 
phone 1, It also brings better usability in the case of changing the smart card 
1 6 from one phone 1 to another. 

25 

Additionally, for portability, the smart card 16 may store needed certificates. 
Storage of trusted root certificates (or public keys) has significance also from 
security point of view: they must not be altered - but they can be exposed 
- without danger. 

30 
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Note that when public key encryption based key exchange (e.g., RSA) is used 
according to the first embodinnent of the invention, there is no advantage in 
doing public key encryption on the smart card 16 when the pre-master secret 
would anyway be returned to the phone 1, for master secret calculation in the 
5 controller 1 8. 

When client authentication is not supported in WTLS, at the minimum, the 
smart card 16 only acts as a storage for session data. If client authentication 
is supported, the card would be able to perform a signing operation based on 
10 a private key (e.g./ ECDSA or RSA) stored in the card, or key agreement 
calculation (e.g., ECPM) based on a fixed key stored in the card. 

Second embodiment. 

According to the second embodiment, the smart card 16 is used as a tamper 
1 5 resistant device for all crypto-critical functionality: storage of all persistent keys 
and operations using these keys. Besides the operations performed according 
the first embodiment, the smart card 16 now also supports the 
calculation (ECDH key exchange) or generation (RSA key exchange) of the 
pre-master secret; calculation and storage of the master secret for each 
20 secure session; and derivation and output of key material (for MAC, 
encryption keys, IV, finished check), based on the master secret 

The phone 1 stores MAC and message encryption keys as long as they are 
currently needed. These keys have a limited lifetime which may be negotiated 
25 during the WTLS handshake - in the extreme case they are used for a single 
message only. The phone 1 has to delete the from its RAM memory 17a when 
the user exits from the secure WAP applications. These keys can always be 
derived anew from the master secret if needed. 
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1. Method for establishing a secure connection between a wireless 
5 communication apparatus and a data communication apparatus based on a 
wireless application protocol, wherein said wireless communication apparatus 
has memory means including a separate unit comprising information to 
control the access of the wireless communication apparatus through a 
wireless communication network connected to said data communication 
1 0 apparatus, comprising the following steps: 

connecting said wireless communication apparatus to the separate unit, 
accessing the wireless communication network connected to said data 
communication apparatus 

the wireless comrinunication apparatus ' transniits a request to the data 
15 corrimunication apparatus to establish a connection, said request comprising 
infomiation of which pre-defined algorithm(s) the wireless communication 
apparatus supports, 

upon reception of said request, the data communication apparatus chooses at 
least one algorithm associated with a public and a private key, and transmits a 
20 message back to the wireless communication apparatus, said message 
comprising the public key and information about which algorithm the data 
communication apparatus has chosen, 

upon reception of the message, comprising the public key, the wireless 
communication apparatus generates a master secret code, and calculates a 
25 signature based on the chosen algorithm, the public key and the master 
secret code, and transmits a response to the data communication apparatus, 
said response comprising the calculated signature, 

upon reception of the respond comprising the signature, the data 
communication apparatus calculates the master secret code based on the 
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chosen algorithm, the signature received and the private key, and establish a 
secure connection to the wireless comnnunication apparatus, and 
saving said master secret code on said memory means and in the data 
communication apparatus, in order to re-establish the connection at a later 
5 occasion. 

2. A method according to claim 1, and comprising a step of saving said 
- master secret under a pre-defined time. 

10 3. A method according to claim 1 or 2, and comprising a step of re- 
establishing the connection by 

transmitting a request from the wireless communication apparatus to the data 
communication apparatus, said request comprising the calculated signature 
based on the chosen algorithm, the public key and the stored secret key, and 
15 upon reception of the request, the data communication apparatus calculates 
the master secret code based on the chosen algorithm, the signature 
received, and the .private key, and, establish a secure connection to the 
wireless communicatio.n apparatus. 

20 4. A method according to claim 1, 2, or 3, and comprising a step of 
providing said separate unit in a smart card. 

5. Wireless communication apparatus for establishing a secure 
connection to a data communication apparatus based on a wireless 

25 application protocol, said wireless communication apparatus comprising: 

communication means for establishing a connection to a wireless 
communication network connected to said data communication apparatus, 
memory means including a separate unit provided with information to control 
the access of the data communication apparatus through the wireless 

30 communication network, 
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means for generating a master secret code 

control means arranged to use a pre-defined algorithm(s) for generating a 
signature based on said master secret code and a public key received from 
said data communication apparatus, for use when the wireless 
5 communication apparatus establishes a secure connection to the data 
communication apparatus, 

said memory means comprising a secure database for storing at least one 
master secret code and/or at least one signature related to one or more data 
communication apparatus, in order to re-establish a secure connection to a 
10 data communication apparatus- 
es A wireless communication apparatus according to claim 5, having its 
memory means exchangeable. 

15 7. Wireless communication apparatus according to claim 5 or 6 wherein 
the master secret code is stored on the separate unit 

8. Wireless communication apparatus according to any one of claims 5 to 
7 wherein the signature is stored on the separate unit. 



20 



9. Wireless communication apparatus according to any one of claims 5 to 
8 wherein the master secret code is generated on the separate unit. 



10. Wireless communication apparatus according to any one of claims 5 to 
25 9 wherein the signature is generated on the separate unit. 

11. Wireless communication apparatus according to any one of claims 5 to 
10 wherein the separate unit comprises a smart card. 
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12. An apparatus according to claim 11 wherein the smart card is a 
subscriber identity module, 

13. A smart card according to claims 1 1 or 12. 

5 

14. A wireless communication apparatus according to any one of claims 5 
to 12 without the smart card of claim IS- 
IS. Memory card for establishing a secure connection between a wireless 

10 communication apparatus and a data communication apparatus based on a 
wireless application protocol, arranged to be connected to contact means, 
provided on said wireless communication apparatus, for providing information 
from the memory card to the wireless communication apparatus upon 
establishing a secure session to a data communication apparatus, said 
15 information is arranged to control the access of the data communication 
apparatus through a wireless communication network, and to save a 
calculated master secret related to one or more data communication 
apparatus, in order to re-establish a secure connection to a data 
communication apparatus. 

20 

16. A memory card according to claim 15, further comprising encryption 
means for encrypting the master secret, which is to be used as a signature for 
the wireless communication apparatus when it is establishing a secure 
connection- f » 

25 .-r^- ' . 

17. A memory card according to claim 15 or 16, comprising a secure 
database provided with at least one master secret code and/or at least one 
signature related to one or more data communication apparatus, in order to 
re-establish a secure connection to a data communication apparatus. 

30 
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18. A memory card according to claim 15. 16, or 17, is provided on a 
smart card. ,* ' . i . 

19. System for establishing a secure connection when using a wireless 
5 application protocol, comprising: 

a data communication apparatus based on the wireless application protocol, 
a wireless communication network, connected to said data communication 
apparatus, 

a wireless communication apparatus having memory means Including a 
10 separate unit comprising information to control the access of the wireless 
communication apparatus through the wireless communication network, 
wherein 

the wireless communication apparatus is arranged to transmit a request to the 
data communication apparatus to establish a connection, said request 
15 comprising information of which pre-defined algorithm(s) the wireless 
communication apparatus supports, 

upon reception of said request, the data communication apparatus is 
arranged to choose at least one algorithm, associated with a public key and a 
private key, and to transmit a message back to the wireless communication 
20 apparatus, said message comprising the public key and information about 
which algorithm the data communication apparatus will choose, 
upon reception of said message, comprising the public key, the wireless 
communication apparatus is arranged to generate a master secret code, to 
calculate a signature based on the chosen algorithm, the public key and the 
25 master secret code, and to transmit a respond to the data communication 
apparatus, said respond comprising the calculated signature, 
upon reception *of the respond comprising . the signature, the data 
communication apparatu^is arranged to calculate the master secret code 
based on the chosen algorithm, the signature received, and the private key. 
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'and, thus establish a secure connection to the wireless communication 
apparatus, and 

said memory means being arranged to save said master secret code, in order 
to re-establish the connection at a later occasion. 



5 



20. A system according to claim 19, said master secret 5s arranged to be 
saved under a pre-defined lime. 

21. A system according to claim 19, or 20, said memory means is a smart 
10 card- 

22. A wireless communication apparatus for establishing a secure 
connection to a data communication apparatus through a wireless network 
based on a wireless application protocol, said wireless communication 

15 apparatus comprising: 

means for establishing a connection with the data communication apparatus 
through the wireless network 

means for retrieving access information including which of a set of pre-define 
algorithms is supported, for transmission to the data communication 
20 apparatus; 

means for processing information including a public key and the selection of 
one of the supported algorithms received from the data communication 
apparatus for storage; 

means for retrieving a signature based on a generated master secret code 
25 and the public key received from the data communication apparatus; and 

means for utilising the signature and/or the master secret key during 
communication with the data communication apparatus in order to re- 
establish a secure connection. 
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23. A memory card for establishing a secure connection between a 
wireless communication apparatus and a data communication apparatus 
based on a wireless application protocol comprising contact means for^ 
cooperation with the wireless communication apparatus 
5 a memory for storing a master secret code associated with the data 
communication apparatus and responsive to a request from the wireless 
communication apparatus to provide such code for utilisation of the master 
secret key during communication with the data communication apparatus in 
order to re-establish a secure connection. ^ 

10 a"*" 

24. Wireless cortimunication apparatus for establishing a secure 
connection to a data communication apparatus based on a wireless 
application protocol, said wireless communication apparatus comprising: 
communication means for establishing a connection to a wireless 
1 5 communication network connected to said data communication apparatus, 

memory means provided with information to control the access of the data 
communication apparatus through the wireless communication network upon 
establishing a secure session to a data communication apparatus, 
reading means for reading information received from the data communication 
20 apparatus and the information provided on said memory means, 
means for generating a master secret code, 

control means an-anged to use a pre-defined algorithm(s) for generating a 
signature based on said master secret code and a public key received from 
said data communication apparatus, which is to be used when the wireless 
25 communication apparatus is going to establish a secure connection to the 
data communication apparatus, and 

said reading means comprising a secure database provided with at least one 
master secret code and/or at least one signature- related to one or more data 
communication apparatus, in order to re-establish a secure connection to a 
30 data communication apparatus. 
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Where a demand for intemational preliminary examination has (seen /is filed, see below. 



How? Either by cancelling one or more entire claims, by adding one or more new claims or by amending the text of 

one or more of the daims as filed. 

A replacement sheet must be submitted for each sheet of the claims which, on account of an amendment or 
amendments, differs from the sheet originally filed. 

All the claims appearing on a replacement sheet must be numtjered in Arabic numerals. Where a claim is 
cancelled, no renumbering of the other claims is required. In alt cases where daints are renumbered, they must 
be renumtsered consecutively (Administrative Instructions, Section 205(b)). 

The amendments must be made In the language in which the International application is to be published. 



What documents must/may accompany the amendments? 
Letter (Section 205(b)): 

The amendments must be submitted with a letter 

The letter will not t>e putJished with the intemational application and the amended claims. It should not t^e 
confused with the "Statement under Article 19(1)" (see below, under "Statement under Article 19(1)T 

The letter must be In English or French, at the choice of the applicant. However, It the language of the 
International application Is English, the letter must be In English; If the language of the International application 
Is French, the letter must t>e In Frencti. 
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NOTES TO FORM PCT/ISA/220 (continued) 



The tetter must indicate the differences between the claims as filed and the claims as amended. It must, in 
particular, indicate, in connection with each claim appearing in the international application (it being understood 
that identical indications conceming several claims may be grouped) .whether 

(i) the claim is unchanged; 

Cm) the claim is cancelled; 

(iii) the claim is new; 

Crv) the claim repfaoes one or more daims as filed; 

(v) the claim is the result of the division of a claim as 5led. 



The following examples Illustrate the manner In which amendments must be explained In the 
accompanying letter: 

1 . [Where originally there were 46 claims and after amendment of some claims there are 51 ): 
"Claims 1 to 29. 31 , 32, 34, 35, 37 to 48 replaced by amended claims bearing the same numberB; 
claims 30, 33 and 36 unchanged; new claims 49 to 51 added.' 

2. [Where originally there were 1 5 claims and after amendment of all claims there are 1 1 ]: 
*Ctaims 1 to 1 5 replaced by amended claims 1 to 1 1 / 

3. [Where originally there were 1 4 claims and the amendments consist in cancelling some claims and in addng 
new claims]: 

'Claims 1 to 6 and 14 unchanged; claims 7 to 13 cancelled; new claims 1 5, 16 and 17 added." or 
"Claims 7 to 13 cancelled; new claims 15, 16 and 17 added; all other claims unchanged." 

4. (Where various kinds of amendments are made): 

"Claims 1 -1 0 unchanged; claims 1 1 to 1 3, 1 8 and 1 9 cancelled; claims 1 4, 1 5 and 1 6 replaced by amended 
daim 14; claim 17 subdivided into amended claims 15, 16 and 17; new claims 20 and 21 added." 



*^tatement under article ^9{\)'* (Rule 46.4) 

The amendments may bo accompanied Ijy a statement explaining the amarKfments and indicating any impact 
that such amendments might have on the description and the drawings (which cannot t>e amended under 
Article 19(1)). 

The statement will be published with the international application and the amended claims. 
It must be In the language In which the International apppltcatlon la to t>e published. 

It must be brief, not exceeding 500 words if in English or if translated into English. 

It should not be confused with and does not replace the letter indicating the differences tsetween the claims 
as filed and as amended. It must be filed on a separate sheet and must be identified as such by a heading, 
preferably by using the words "Statement under Article 19(1)." 

It may not contain any disparaging comments on the international search report or the relevance of citations 
contained in that report. Reference to citations, relevant to a given claim, contained in the intemationaJ search 
report may t^e made only in connection with an amendment of that claim. 



Consequence If a demand for International preliminary examination has already been filed 

If, at the time of filing any amendments under Article 19, a demand for international preliminary examination 
has already been submitted, the applicant must preferably, at the same time of filing the amendments with the 
International Bureau, also file a copy of such amendments with the International Preliminary Examining 
Authority (see Rule 62.2(a), first sentence). 



Consequence with regard to translation of the International application for entry Into the national phase 

The applicant's attention is drawn to the fact that, whore upon entry into the national phase, a translation of the 
claims as amended under Article 19 may have to be furnished to the designated/elected Offices, instead of, or 
in addition to, the translation of the claims as filed. 

For further details on the requirements of each designated/elected Office, see Volume It of the PCT Applicant's 
Guide. 
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